The code contained within the <act> elements
is the same as seen in a UNIX script (ksh or sh)
or a Windows batch script.

Using Environment Variables

Environment variables are exported and available to actions. These comprise
any one of the schema-mapped attributes that have values on the user (defined
in the resource schema map in the Identity System Resource Attribute column),
prefixed by WSUSER_. For instance, the preceding example uses the environment
variable WSUSER_AccountId, formed by preceding the AccountId attribute defined
in the Solaris resource schema map by WSUSER_. These variables should be identified
as environment variables within the respective shell, so that in Solaris,
the variable name is preceded by $ (dollar sign).

Because OS/400 does not have variable substitution in its command language,
the resource adapter looks for variable names, and carries out the substitution
before transmitting the command line to the resource. To make recognition
of variables possible, you must add a $ before and after a variable. Specifically,
to use WSUSER_AccountId in an OS/400 script, enter the following text in the
command line: $accountId$. Note the exclusion of “WSUSER”.

Implementing After Actions

Identity Manager only pushes changed attributes to a resource on an update.
An action cannot access any attributes that have not changed. If you write
an after action that requires an attribute that might be unchanged, consider
the following workaround:

Accessing Unchanged Attributes

Add an extra attribute to the resource’s schema map that
mimics the account attribute that you need to access. For example, if you
need to access the fullname account attribute, you could
create an attribute named shadow_fullname. In the Resource
User Attribute column of the schema map, add the value IGNORE_ATTR.
for this new attribute to prevent the adapter from trying to use it.

Reference %WSUSER_shadow_fullname% in your
action so that it can get the value.

Identity Manager never retrieves
an attribute that is set to IGNORE_ATTR. As a result, Identity Manager considers
the contents of an attribute such as shadow_fullname as
a new value. The attribute is always pushed to the adapter and is available
to after actions.

Creating an Action File

Keep the following items in mind when creating an action file.

If you change any variable names in the Identity Manager Resource
Attribute column on the schema map, you must change the names in this object
as well.

Because the actions are included in an XML expression, some
characters must be escaped. Escape these characters as follows:

& (ampersand): &amp;

< (less than): &lt;

On UNIX resources, spaces in attribute names are replaced
with _ (underscore). On Windows resources, spaces are maintained.

Multi-valued attributes consist of a comma-separated list,
as in:

WSUSER_groups=staff,admin,users

Gateway-based adapters use a pipe-delimited list for multi-valued
attributes. For example:

WSUSER_NotesGroups=group1|group2|group3

On Active Directory resources, actions are run using the Windows
command interpreter cmd.exe with extensions enabled.

Actions that
run before a user operation must return a zero value. Otherwise, the operation
is aborted.

A Javascript is assumed to have completed successfully unless
it throws an exception.

Loading the Action File into Identity Manager

Follow these steps to import the action into Identity Manager:

Importing the Action File

Log in to the Identity Manager Administrator Interface.

From the menu bar, select Configure, then Import Exchange File.

Enter or browse for the XML file containing the action, and then
click Import.